/etc/cron.daily/sysstat produce system activity reports (sar) files in /var/log/sa that are world writeable. This crontab runs /usr/lib/sa/sa2. Perhaps either /etc/cron.daily/sysstat or /usr/lib/sa/sa2 should have a "umask 0022" command before the rest of the script runs. Actual results: /# ls -l /var/log/sa/sar* -rw-rw-rw- 1 root root 160045 Apr 2 19:05 /var/log/sa/sar01 -rw-rw-rw- 1 root root 268922 Apr 3 19:05 /var/log/sa/sar02 -rw-rw-rw- 1 root root 270732 Apr 4 19:05 /var/log/sa/sar03 -rw-rw-rw- 1 root root 280990 Apr 5 19:05 /var/log/sa/sar04 -rw-rw-rw- 1 root root 271897 Apr 6 19:05 /var/log/sa/sar05 -rw-rw-rw- 1 root root 360662 Apr 7 04:09 /var/log/sa/sar06 -rw-r--r-- 1 root root 279781 Mar 30 19:05 /var/log/sa/sar29 -rw-r--r-- 1 root root 256732 Mar 31 19:05 /var/log/sa/sar30 -rw-rw-rw- 1 root root 223639 Apr 1 19:05 /var/log/sa/sar31 Expected results: /# ls -l /var/log/sa/sar* -rw-r--r-- 1 root root 160045 Apr 2 19:05 /var/log/sa/sar01 -rw-r--r-- 1 root root 268922 Apr 3 19:05 /var/log/sa/sar02 -rw-r--r-- 1 root root 270732 Apr 4 19:05 /var/log/sa/sar03 -rw-r--r-- 1 root root 280990 Apr 5 19:05 /var/log/sa/sar04 -rw-r--r-- 1 root root 271897 Apr 6 19:05 /var/log/sa/sar05 -rw-r--r-- 1 root root 360662 Apr 7 04:09 /var/log/sa/sar06 -rw-r--r-- 1 root root 279781 Mar 30 19:05 /var/log/sa/sar29 -rw-r--r-- 1 root root 256732 Mar 31 19:05 /var/log/sa/sar30 -rw-r--r-- 1 root root 223639 Apr 1 19:05 /var/log/sa/sar31 Additional info: You may notice that the files for Mar 30 and 31 had the correct permissions. I don't know why they don't all have the same permissions, but "umask 0022" in /usr/lib/sa/sa2 would prevent this from happening.
you must have messed with root's default umask, because this isn't out-of-the-box behaviour. Still, I agree that it is safer to explicitly set the umask. changed in -3 and later.